Re: silly question about /dev/log (fwd)
Hi!
Is Debian prepared for having this special kind of permissions
for /dev/log?
-- p.
---------- Forwarded message ----------
Date: Mon, 5 Jul 1999 13:58:56 +0100 (GMT)
From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
To: Mike Johnson <mike@enoch.org>
Cc: security-audit@ferret.lmh.ox.ac.uk
Subject: Re: silly question about /dev/log
On Mon, 5 Jul 1999, Mike Johnson wrote:
> While looking for world writeable files/directories on one of my Linux
> boxes, I came up with this (to me) surprise:
> srw-rw-rw- 1 root root 0 Jul 4 04:02 /dev/log
Yes, I also hate this legacy UNIX design flaw.
A simple step in the right direction would be
srw-rw---- 1 root log 0 Jul 4 04:02 /dev/log
Then, we analyse what really _needs_ to write to the log, and give out the
relevant permission.
Note that most of the stuff that you _really_ want logged is logged by
things running as root anyway, e.g. login failures, connection attempts,
kernel logs.
Essentially, the approach of changing /dev/log permissions as above, and
seeing what breaks, would be both interesting and useful.
Chris
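
An added example, not part of the original messages: a small audit of a log socket's mode against the srw-rw---- layout proposed above, reporting which permission bits exceed it. The function names and the temporary sample socket are constructed for illustration; the check relies on Linux requiring write permission on a pathname socket to connect or send to it.

```python
import os
import socket
import stat
import tempfile

PROPOSED_MODE = 0o660  # srw-rw---- as proposed in the message


def audit_log_socket(path, allowed_mode=PROPOSED_MODE):
    """Compare a Unix socket's permission bits with the allowed mode."""
    st = os.stat(path)  # follows symlinks, since /dev/log may be one
    if not stat.S_ISSOCK(st.st_mode):
        return {"path": path, "is_socket": False}
    mode = stat.S_IMODE(st.st_mode)
    excess = mode & ~allowed_mode  # bits granted beyond the proposal
    return {
        "path": path,
        "is_socket": True,
        "mode": oct(mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        # Write permission is what lets a process send to the socket.
        "world_writable": bool(mode & stat.S_IWOTH),
        "excess_bits": oct(excess),
        "matches_proposal": excess == 0,
    }


def make_sample_socket(directory, mode):
    """Create a constructed datagram socket named 'log' for testing."""
    path = os.path.join(directory, "log")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, mode)  # set explicitly so the umask does not matter
    return sock, path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sock, sample = make_sample_socket(tmp, 0o666)  # legacy layout
        print(audit_log_socket(sample))
        os.chmod(sample, PROPOSED_MODE)                # proposed layout
        print(audit_log_socket(sample))
        sock.close()
    if os.path.exists("/dev/log"):
        print(audit_log_socket("/dev/log"))
```

The uid and gid fields are reported rather than judged, because the group that should own the socket (the "log" group in the message) is a local policy decision.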